by Marina Glancy.
|Description:||Normally in Moodle web interface non-admin users with capability to edit other users can not edit information about admins, this was not respected in one of the web services. This can only be a security vulnerability if this WS was exposed to some external service; it is not exposed to the mobile app|
|Issue summary:||Prevent some users to be updated by update_users ws|
|Versions affected:||3.1 to 3.1.2, 3.0 to 3.0.6, 2.9 to 2.9.8, 2.8 to 2.8.12, 2.7 to 2.7.16 and earlier unsupported versions|
|Versions fixed:||3.1.3, 3.0.7, 2.9.9 and 2.7.17|
|Reported by:||Juan Leyva|